DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Fri Feb 24 18:19:18 UTC 2006

Estes, Paul wrote:
> Actually, what we are seeing does not appear to be an amplification
> attack. It appears to be a request flood from infected machines.
> We have anti-spoofing filters on our upstream connections as well as our
> subscriber's access lines. The source addresses are not spoofed. They
> are valid subscriber source IP's.
> Based on some cached entries I have found in other nameservers, CTRC.CC
> was apparently hacked and was delegating a number of subdomains to
> another nameserver that was issuing the 4K TXT record. The delegation
> has now been removed, and the nameserver they were delegated to appears
> to be offline.

Do they all happen to be connecting to one outside IP address? :)

More information about the NANOG mailing list